On Thu, 2007-03-01 at 07:17 -0500, Stephen Smalley wrote:
> On Thu, 2007-03-01 at 17:46 +0800, Ian jonhson wrote:
> > On 2/7/07, Casey Schaufler <[EMAIL PROTECTED]> wrote:
> > >
> > > --- Ian jonhson <[EMAIL PROTECTED]> wrote:
> > >
> > >
> > > > static int my_setprocattr(struct task_struct *p,
> > > >                           char *name, void *value, size_t size)
> > > > {
> > > >     my_struct sl;
> > > >     my_struct* ts;
> > > >
> > > >     if(current != p)
> > > >         return -EACCES;
> > > >
> > > >     if(!size)
> > > >         return -ERANGE;
> > > >
> > > >     if(!strcmp(name, "current"))
> > > >     {
> > > >         if (copy_from_user(&sl, value, sizeof(my_struct)))
> > > >         {
> > > >             return -EFAULT;
> > > >         }
> > >
> > >
> > > "value" is a kernel address, not a user address.
> > > You can replace this with:
> > >
> > > memcpy(&sl, value, sizeof(my_struct));
> > >
> > > >
> > > >         ts = p->security;
> > > >         if(ts)
> > > >         {
> > > >             ts->v1 = sl.v1;
> > > >             ts->v2 = sl.v2;
> > > >
> > > >         }
> > > >         else
> > > >         {
> > > >             ts->v1 = UNDEFINE_V1;
> > > >             ts->v2 = UNDEFINE_V2;
> > > >         }
> > >
> > > If ts is NULL this will not work, you know.
> > >
> > > >
> > > >
> > > >         return 0;
> > > >     }
> > > >
> > > >     return size;
> > > > }
> > > >
> > > > After compiling the module and insmod'ing it, I ran my
> > > > setselfattr code mentioned in the last mail and got
> > > > another error message:
> > > >
> > > > write failed due to: Bad address
> > > >
> > > > Maybe there is indeed something wrong with my
> > > > hook.
> > >
> > > The change from copy_from_user to memcpy will
> > > take care of today's problem, but you still need to
> > > be careful about your pointers. If ts is NULL
> > > the code presented will crash.
> > >
> >
> > Ok, changed to memcpy(). However, no matter whether the function is
> > memcpy or copy_from_user, I always get the error message:
> >
> > write failed due to: Bad address
> >
> > What is the meaning of "Bad address"? Error in kernel address or user
> > address?
> >
> > I have traced the error for several days, but nothing can be done to help me.
>
> "Bad address" == EFAULT, i.e. the buf pointer passed to write() is
> outside your program's address space.
>
> As usual, it is harder to help you without seeing your code than it
> would be if you showed it...

Actually, on a second read of your message, I have to wonder whether the
problem is that you left the return -EFAULT part in your hook function,
e.g.

    if (memcpy(&sl, value, sizeof(my_struct)))
        return -EFAULT;

That would obviously cause it to always return -EFAULT - see the memcpy
man page for its return value - it isn't an error code. Casey didn't
say to put memcpy in your conditional; he replaced the whole statement.

BTW, I don't see where you check that size >= sizeof(my_struct) before
performing that memcpy, which would be bad...

--
Stephen Smalley
National Security Agency
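
Added example, not part of the original thread and not code from any poster: a user-space C model of the hook with the review points above applied (memcpy used as a plain statement, size checked against sizeof(my_struct), a NULL security pointer rejected instead of dereferenced). struct task, current_task, the my_struct layout and the errno values chosen for the new checks are assumptions for illustration.

```c
/* User-space model of the hook logic; kernel types are replaced by stand-ins. */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef struct { int v1; int v2; } my_struct;     /* layout assumed */
struct task { my_struct *security; };             /* stand-in for task_struct */
static struct task *current_task;                 /* stand-in for "current" */

/* The suspected pattern: memcpy() returns its destination pointer,
 * which is non-NULL here, so the error branch is always taken. */
static long hook_memcpy_in_condition(const void *value)
{
    my_struct sl;
    if (memcpy(&sl, value, sizeof(sl)))
        return -EFAULT;
    return 0;
}

/* Hook with the review points applied. */
static long hook_checked(struct task *p, const char *name,
                         const void *value, size_t size)
{
    my_struct sl;
    if (p != current_task)
        return -EACCES;
    if (strcmp(name, "current") != 0)
        return -EINVAL;
    if (size < sizeof(sl))          /* never read past the caller's buffer */
        return -ERANGE;
    if (!p->security)               /* no blob attached: fail, do not dereference */
        return -EINVAL;

    memcpy(&sl, value, sizeof(sl)); /* value is already a kernel buffer */
    p->security->v1 = sl.v1;
    p->security->v2 = sl.v2;
    return (long)size;              /* as in the original's final "return size" */
}

int main(void)
{
    my_struct blob = {0, 0}, in = {7, 9};         /* constructed sample input */
    struct task t = { &blob };
    current_task = &t;
    printf("%ld %ld\n", hook_memcpy_in_condition(&in),
           hook_checked(&t, "current", &in, sizeof(in)));
    return 0;
}
```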